Merge branch 'feature/change-password'

APP/src/app/shared/services/auth.service.spec.ts

@@ -179,6 +179,22 @@ describe('AuthService', () => {
     });
   });
 
+  // ── changePassword() ─────────────────────────────────────────────────────
+  describe('changePassword()', () => {
+    it('POSTs current+new password to /api/auth/change-password with credentials', () => {
+      service.changePassword('Old1234!', 'New1234!').subscribe();
+
+      const req = httpMock.expectOne(`${apiConfig.authUrl}/change-password`);
+      expect(req.request.method).toBe('POST');
+      expect(req.request.body).toEqual({
+        currentPassword: 'Old1234!',
+        newPassword: 'New1234!',
+      });
+      expect(req.request.withCredentials).toBeTrue();
+      req.flush(null, { status: 204, statusText: 'No Content' });
+    });
+  });
+
   // ── initializeFromRefreshToken() ───────────────────────────────────────────
 
   describe('initializeFromRefreshToken()', () => {

APP/src/app/shared/services/auth.service.ts

@@ -163,6 +163,20 @@ export class AuthService {
         return this.refreshInFlight$;
     }
 
+    /**
+     * Changes the current user's password. Sends the cookie so the server can
+     * keep the current session alive while revoking the user's other sessions.
+     * Emits void on success (204); errors propagate so the caller can show the
+     * server message.
+     */
+    changePassword(currentPassword: string, newPassword: string): Observable<void> {
+        return this.http.post<void>(
+            `${this.apiConfig.authUrl}/change-password`,
+            { currentPassword, newPassword },
+            { withCredentials: true }
+        );
+    }
+
     /**
      * Clears in-memory auth state immediately, then fires a fire-and-forget
      * POST to revoke the server-side refresh token cookie.